Msf::Modules::Loader::Archive#each_module_reference_name tried to check
the enabled types for the module_manager by accessing the
enabledment_by_type Hash, which is protected. Instead, it should use
the public type_enabled? method.
Add specs to test all of Msf::Modules::Loader::Archive while testing
each_module_reference_name. In order to properly test that modules
could be found in archives, I had to produce a fastlib archive, so there
is now a spec for FastLib.dump and FastLib.load. Some specs are marked
pending as I found a bug in FastLib, which has a work-around. The bug
is filed in PivotalTracker as
https://www.pivotaltracker.com/story/show/38730815 and the pending tests
include the URL also in their tags.
Just had a brain fart when converting the hash key names and translated
:mtype to :modification_time instead of the correct :type. Correct key
names are in
Msf::ModuleManager::Cache#module_info_by_path_from_database!.
Msf::Config.install_root already existed, but I didn't know about it
until egypt pointed it out, so remove the new Msf.root and use
Msf::Config.install_root in the specs instead.
Depending on how a socket was created, #getsockname will return either a
struct sockaddr as a String (the default ruby Socket behavior) or an
Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when
generating SSL certificates for meterpreter handlers by always picking a
random hostname.
This is by no means a proper fix for the underlying problem of
Socket#getsockname having ambiguous behavior before and after being
extended with Rex::Socket::Tcp. It does, however, solve the immediate
problem of not being able to create tunneled meterpreter sessions over
http(s) sessions.
[SeeRM #7350]
[Fixes#37630057]
Modules were always being detected as having file changes because the
parent_path directory, instead of the actual module_path, was being
passed to module_manager.file_changed?, which caused the modification
times to not match.
To ensure this change fixes the ambiguous module warnings, a full spec
for Msf::Core::Modules::Loader::Base has been written.
spec/msf has moved to spec/lib/msf to match conventional spec layout and
allow for the spec/support directory to not be confused as a lib
subdirectory being tested.
Also adds some clarifying commentation and adds todb to the list of
authors since he wrote the original module for windows upon which this
one is based.
Ensures that the absence of activerecord does not prevent msfconsole
from loading. This returns us to the previous state of affairs where it
is possible to use the framework entirely without a database.
To test:
1. rm -rf lib/gemcache/ruby/1.9.1/gems/activerecord*
2. remove any locally installed versions of activerecord
3. msfconsole
msfconsole should load up with a warning like so:
[-] ***
[-] * WARNING: No database support: LoadError cannot load such file -- active_record
[-] ***
... and should still be functional.
I missed a spot where I referenced the nested_paths as nested_pathnams
after I renamed the variable. Now, Msf::ModuleManager#add_module_paths
has rspec tests.
Rspec can be invoked with `rake` as the default task or `rake spec`
explicitly.
I changed RuntimeError to ArgumentError since that error was more
specific to having a bad argument error. I adding missing dependencies
to the Gemfile and a require to msf/core/db_manager.rb where it errored
out trying to access Msf::Config when I just did require 'msf/core' in
the spec.
[#36737359]
The merging of reload_module and the various load_module methods
resulted in the module loading from disk, but because the Hash entry in
the module manager was not deleted before on_module_load was called, the
newly reloaded module was logged as an ambiguous module name instead of
a reload. In order to report the reload errors correctly, I determined
that module_load_error_by_reference_name should really be
module_load_error_by_path. I eliminated faild in favor of this new name
since failed was just calling the attribute and the attribute's name is
clearer about the format of the data.
Tested by run rexploit and then exiting over and over with
ms08_067_netapi. When I messed up the file so it couldn't load, by
adding `inclde Exploit` (note mispelling of `include`), it reported the
error to msfconsole. When I removed the bad line and added a puts
"RELOADING <n>", where I kept incrementing n and saving the file, the
new number appeared during each rexploit.
[#36737359]
Write the module_eval backtrace to the log, but only the error's class
and name to Msf::ModuleManager#module_load_error_by_reference_name as
the contents of the Hash are printed in the console, which should never
recieve backtraces.
[#36737359]
Refactor the behavior of loading symbolic modules from cache by renaming
methods so it's clearer what they do and ensure that cached modules from
Fastlibs and directories can both be loaded, which was not previously
possible since the demand_load_module only called load_module_from_file.
[#36737359]
On Linux, some of the unqualified constants that resolve on Mac OS X,
don't resolve, so to prevent errors (and because I can't justify why the
unqualified constants should resolve on OS X), I'm qualifying all the
Msf constants that are referenced in the code I've refactored.
[#36737359]
Fix the YARD docs to document the return values and make them consistent
with the modules being called. Ensure the force flag is passed as an
option to load_modules instead of a positional argument.
[#36737359]
When starting msfconsole, 'bundler/setup' is not required, the
'msf/env/gemcache' is required instead. Unlike 'bundler/setup' the
msf/env gemcache does not do the automatic requires for gems in the
cache, so explicit requires on 'active_support/concern' is needed to get
ActiveSupport::Concern defined. (I could have done require
'active_support' to match the behavior of 'bundler/setup', but a smaller
require seemed more appropriate.
removes unnecessary parens (and yes I confirmed they are properly
paired), and adds some comments regarding this as not being an ideal
solution, but rather a stopgap
Changed lexical scope when I changed the declaration from module Msf;
class ModuleSet to class Msf::ModuleSet so that constants in Msf would
not automatically resolve.
I wasn't using any the features of ActiveSupport::Concern in
Msf::ModuleManager::Reloading, so remove the extend and just include it
as a regular module.
Came up on IRC, I'm not attached to it, but this commit adds the
rename_file method to lib/msf/core/post/file.rb and aliases it to
move_file and mv_file
[Fixes#36737359]
Refactor Msf::ModuleManager into concerns so its easier to understand and
duplicate code can be made DRY. The refactoring also ensures that when
loading from directories, Fastlibs, or reloading, the wrapper module will
always be named so that activesupport/dependencies will function.
[#36737359]
active_support/dependencies cannot resolve missing constants in Metasploit
modules because the wrapper module is anonymous. In order to make the
wrapper module non-anonymous, the module must be assigned to a constant.
Since we don't want modules colliding, the wrapper module needs a unique
name, so use the module lookup name to derive the proper nested module names
to namespace the wrapper module. All derived modules are nested under
Msf::Modules. The name derivation handles invalid characters for constant
names such as digits as the first character or non-alphanumeric character.
The invalid constant name characters are converted to their hex value and
prefixed with X, so '-' in a name become 'X2d'.
for convenience when you don't need/want a full resource file, you just
want to run something quick
example usage:
# say you have a saved config ready to go on load
./msfconsole -s 'exploit -j'
# you can run multiple commands too
./msfconsole -s 'set ConsoleLogging true\nshow options'
Some users requested this be added to the ps
command via a -S opt instead of creating a new command.
This limits the search to only one search parameter at a time
but with the ability to pass RegEx I think that's fine
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values. The new 'encode_params' option allows
that feature to be disabled. However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
fs.rb was originally attempting to call the "close" method on a
string holding the temporary path to the file being editted.
Replaced with ::File.delete(temp_path).
findpids calls client.sys.process.get_processes like ps
but then filters out any processes that do not match
one of the process names supplied as arguments to the command.
`findpids explorer.exe notepad.exe` will return all processes
named explorer.exe or notepad.exe Allows for quick searching for
the pid you want. ideal for migration
The 'unless' statement expects there's always a value for USERNAME
and PASSWORD. We might as well just set '' as the default value
to avoid the NoMethodError mistake. Related to bug #7140.
Luke Imhoff
David Maloney
jvazquez-r7
James Lee
HD Moore
sinn3r
scriptjunkie
Rob Fuller
corelanc0d3r
Tod Beardsley
Meatballs
Raphael Mudge
m m
kernelsmith
joe
Ramon de C Valle
Samuel Huckins
midnitesnake
Adam Dalton
RageLtMan
Stephen Haywood